From 977406de765f78d34f390da9319d2371f3a22632 Mon Sep 17 00:00:00 2001
From: Ludovic Marcotte <lmarcotte@inverse.ca>
Date: Wed, 10 Jun 2015 16:31:30 -0400
Subject: [PATCH] Improved rationale

---
 SoObjects/SOGo/SOGoUserManager.m | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/SoObjects/SOGo/SOGoUserManager.m b/SoObjects/SOGo/SOGoUserManager.m
index b671d5ec1..d50ac05f2 100644
--- a/SoObjects/SOGo/SOGoUserManager.m
+++ b/SoObjects/SOGo/SOGoUserManager.m
@@ -459,7 +459,16 @@ static Class NSNullK;
 
       // If we are using multidomain and the UIDFieldName is not part of the email address
       // we must also try to bind without the domain part since internally, SOGo will use
-      // UID @ domain as its unique identifier.
+      // UIDFieldName @ domain as its unique identifier if the UIDFieldName is used to
+      // authenticate. This can happen for example of one has in LDAP:
+      //
+      // dn: uid=foo,dc=example,dc=com
+      // uid: foo
+      // mail: broccoli@example.com
+      //
+      // and authenticates with "foo", using bindFields = (uid, mail) and SOGoEnableDomainBasedUID = YES;
+      // The -checkLogin:... above would have failed because SOGo would first try to bind using: foo@example.com
+      //
       if (!checkOK && *domain && [sd enableDomainBasedUID] && r.location != NSNotFound)
         {
           checkOK = [sogoSource checkLogin: [login substringToIndex: r.location]